Hi,
The production server that has a public IP address has SSH enabled. This server
is continuously under dictionary attack:
Oct 8 12:58:40 seven sshd[32248]: Invalid user europa from 83.65.199.91
Oct 8 12:58:40 seven sshd[32250]: Invalid user hacked from 83.65.199.91
Oct 8 12:58:40 seven sshd[32251]: Invalid user cop\r from 83.65.199.91
Oct 8 12:58:41 seven sshd[32254]: Invalid user gel from 83.65.199.91
Oct 8 12:58:41 seven sshd[32255]: Invalid user dork from 83.65.199.91
Oct 8 12:58:41 seven sshd[32258]: Invalid user eva from 83.65.199.91
Oct 8 12:58:41 seven sshd[32260]: Invalid user hacker from 83.65.199.91
Oct 8 12:58:41 seven sshd[32261]: Invalid user copila\r from 83.65.199.91
Oct 8 12:58:42 seven sshd[32265]: Invalid user dorna from 83.65.199.91
Oct 8 12:58:42 seven sshd[32264]: Invalid user gelo from 83.65.199.91
Oct 8 12:58:42 seven sshd[32268]: Invalid user evara from 83.65.199.91
Oct 8 12:58:43 seven sshd[32270]: Invalid user hack from 83.65.199.91
Oct 8 12:58:43 seven sshd[32271]: Invalid user copil\r from 83.65.199.91
Oct 8 12:58:43 seven sshd[32274]: Invalid user Doubled from 83.65.199.91
Oct 8 12:58:43 seven sshd[32275]: Invalid user gelos from 83.65.199.91
Oct 8 12:58:44 seven sshd[32278]: Invalid user eve from 83.65.199.91
Is there a way that I could configure the server so that if there are for
example X attempts from an IP address then for the next Y hours all the SSH
requests would be ignored from that IP address?
There are only a handful of people who have access to that server.
Thanks
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
